diff --git a/config/nginx/nginx.conf b/config/nginx/nginx.conf
index c0c5a75af5f9c31345d689363af91d77d5b9c14b..e834c93771a6e175ee34444230d6335b59d7c3fa 100644
--- a/config/nginx/nginx.conf
+++ b/config/nginx/nginx.conf
@@ -12,6 +12,16 @@ server {
   proxy_buffers 4 256k;
   proxy_busy_buffers_size 256k;
 
+
+    # add CORS header for form sub resources
+    location /api/form {
+        proxy_pass http://localhost:8090$request_uri;
+        if ($http_origin ~ /https?:\/\/membership([^\.]+)?\.eclipse.org/) {
+          add_header Access-Control-Expose-Headers Etag,Link,Content-Type,x-csrf-token;
+          add_header Access-Control-Allow-Origin $http_origin;
+          add_header 'Access-Control-Allow-Methods' 'GET,PUT,POST,DELETE';
+        }
+    }
   location /api {
     # don't cache it
     proxy_no_cache 1;
@@ -19,7 +29,7 @@ server {
     # even if cached, don't try to use it
     proxy_cache_bypass 1;
 
-    proxy_pass http://localhost:8090/api;  # note the trailing slash here, it matters!
+    proxy_pass http://localhost:8090$request_uri;
     proxy_set_header Host $host;
     proxy_set_header X-Real-IP $remote_addr;
     proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
@@ -30,6 +40,19 @@ server {
     if_modified_since off;
     expires off;
     etag off;
+
+    # add CORS header for organizations sub resources
+    location /api/organizations {
+        proxy_pass http://localhost:8090$request_uri;
+        add_header Access-Control-Allow-Origin *;
+        add_header Access-Control-Expose-Headers Etag,Link,Content-Type,x-csrf-token;
+        add_header 'Access-Control-Allow-Methods' 'GET';
+
+        if ($http_origin ~ /https?:\/\/([^\.]+\.)?eclipse.org/) {
+          add_header Access-Control-Allow-Origin $http_origin;
+          add_header 'Access-Control-Allow-Methods' 'GET,PUT,POST,DELETE';
+        }
+    }
   }
 
   location /organization/images {
@@ -42,3 +65,4 @@ server {
     try_files $uri $uri/ /index.html =404;
   }
 }
+